Forum Discussion

Nimbostratus

Mar 03, 2020

Web Server HTTP Header Internal IP Disclosure

One of my virtual servers returns the vulnerability Web Server HTTP Header Internal IP Disclosure during a Nessus scan. Security is asking me to fix this but I am not sure how. I tried creating a tra...

Cirrus

Mar 03, 2020

they are refering to the easily to decode cookie BIGipServersecuritycode_pool , once decode you'll see the pool member IP address.

Easy solution is to encrypt the cookie.

Have a look into this great github page:

https://github.com/dnkolegov/bigipsecurity#persistence-cookie-information-leakage

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Web Server HTTP Header Internal IP Disclosure

Recent Discussions

Management IP F5 cant be accessed

ASD

Big-IP VE edition for MacBook M4 Chip

301 redirect and waf policy log problem

Background Tasks

Related Content

Communication between DMZ & Internal devices

vip call another vip with internal ip

planning to use only internal IP address

F5 LTM SNAT: only 1 outgoing connection, multiple internal clients

Server cert expired

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS